SamSam ransomware campaign

Delaware, USA – January 22, 2018 – Over the past month, a hacker group that spreads SamSam Ransomware has conducted a number of successful attacks against organizations in the US, Canada and India. Since December 25, adversaries have managed to get more than 25 bitcoins ransom. Significant media attention was attracted to the story of the attack on the Hancock Health Hospital in Indiana when management paid the ransom because recovery from backups would take too long. In each case of attack, adversaries used a specially created modification of SamSam Ransomware. Adversaries brute-forced passwords to victims’ RDP connections to penetrate the network and install the malware strain on as many systems as possible. Most victims of the cybergang are related to healthcare, and the amount of ransom in each case was assigned individually.

Brute-forcing RDP connections to install Ransomware is a common practice among cybercriminals. It is necessary to use strong passwords and monitor authentication events to be able to defend against such attacks. The Brute Force Detection SIEM use case will help your SIEM detect attempts of password guessing. Also, to detect the activities of cybercriminals within your network, you can use Ransomware Hunter Advanced, which can detect suspicious actions before attackers encrypt your files.